Poloniex Loses 12.3% of its Bitcoins in Latest Bitcoin Exchange Hack
The exchange took to Bitcoin Forum on 4th March to report it had been compromised by a previously unknown vulnerability in its coding.
Writing under the username Busoni, Poloniex owner Tristan D'Agosta moved to calm concerned users by explaining what led to the hack, as well as what the company's next steps would be.
D'Agosta explained:
D'Agosta also detailed the exact process by which transactions on the exchange were confirmed in order to highlight the error, and took full responsibility for the loss, stating that he plans to repay the company's customers.
According to a Twitter post from the company, the original attack occurred during the early morning hours of 4th March.
Aware that markets are frozen. Some BTC was stolen. Details coming as soon as possible.
— Poloniex Exchange (@Poloniex) March 4, 2014
Behind the hack
Due to its current bitcoin shortage, Poloniex indicated that all customer balances would temporarily be reduced by 12.3% "out of absolute necessity". D'Agosta suggested that this was the only way that bitcoins could be distributed fairly among affected users.
Poloniex plans to record the balances and to pay back customers using exchange fees as well as personal contributions. As a result, he indicated that all exchange fees would be temporarily raised to 1.5%, up from 0.2%. Altcoin and bitcoin withdrawals have since been reinstated, going back online on 4th March after less than a day's delay.
System changes
D'Agosta also credited his design with preventing a more massive bitcoin loss. For example, he noted that the company's existing security features noticed the unusual withdrawal activity and froze affected accounts.
In the attack announcement, D'Agosta listed a number of next steps his company would follow, including updating the withdrawal daemon to check for negative balances before processing withdrawals and freezing any account with a negative balance.
According to its Twitter feed, updates have already been made.
Withdrawal system redesigned, now requests are processed sequentially from a global command queue.
— Poloniex Exchange (@Poloniex) March 5, 2014
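The two changes described above, shown as an added example that is not Poloniex's code: withdrawals are applied one at a time from a single global queue, and each request is checked against the current balance before any debit, with negative-balance accounts frozen. The class name, account names and sample balances are constructed for illustration.

```python
import queue
import threading
from decimal import Decimal


class WithdrawalProcessor:
    """Hypothetical worker: the only consumer of one global command queue."""

    def __init__(self, balances):
        self.balances = dict(balances)  # account -> Decimal balance
        self.frozen = set()             # accounts blocked from withdrawing
        self.commands = queue.Queue()   # the global command queue
        self.results = []               # (account, amount, outcome), in processing order

    def submit(self, account, amount):
        # Safe to call from many request threads: nothing is debited here.
        self.commands.put((account, Decimal(amount)))

    def _process(self, account, amount):
        balance = self.balances.get(account, Decimal("0"))
        if balance < 0:
            self.frozen.add(account)    # negative balance: freeze the account
        if account in self.frozen:
            return "rejected: account frozen"
        if amount <= 0 or amount > balance:
            return "rejected: insufficient funds"
        self.balances[account] = balance - amount
        return "ok"

    def run(self):
        # Sequential drain: the balance check and the debit for one request
        # complete before the next request is looked at.
        while True:
            try:
                account, amount = self.commands.get_nowait()
            except queue.Empty:
                return
            self.results.append((account, amount, self._process(account, amount)))


def demo():
    # Constructed sample: five simultaneous 0.6 BTC requests against a 1.0 BTC
    # balance, plus one request from an account that is already negative.
    p = WithdrawalProcessor({"alice": Decimal("1.0"), "bob": Decimal("-0.5")})
    threads = [threading.Thread(target=p.submit, args=("alice", "0.6")) for _ in range(5)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    p.submit("bob", "0.1")
    p.run()
    return p
```

Only one of the five simultaneous requests is paid out, because every later request is evaluated against the balance left by the one before it.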
Moving forward
D'Agosta expressed his apologies for the attack and appealed to the community for continued feedback on how he could improve the service. Said D'Agosta:
Response from the Bitcoin Talk community was largely positive, with many commenters posting messages of support for D'Agosta and his exchange.
Notably, the announcement follows a recent rush of attacks against bitcoin services, including Mt. Gox, Silk Road 2.0 – which has also embarked on a repayment plan, and Alberta-based "bitcoin bank" Flexcoin, which shut down its services on 4th March after losing $600,000 in bitcoins.